Cracking 400,000 Passwords
Matt Weir PhD Student, Florida State University
Professor Sudhir Aggarwal Florida State University
Remember when phpbb.com was hacked in January and over 300,000 usernames and passwords were disclosed? Don't worry though, the hacker only tried to crack a third of them, (dealing with big password lists is a pain), and of those he/she only broke 24%. Of course the cracked password weren't very surprising. Yes, we already know people use "password123". What's interesting though is figuring out what the other 76% of the users were doing. In this talk I'll discuss some of my experiences cracking passwords, from dealing with large password lists, (89% of the phpbb.com list cracked so far), salted lists, (Web Hosting Talk), and individual passwords, (TrueCrypt is a pain). I'll also be releasing the tools and scripts I've developed along the way.